What it does
mcpo is an HTTP-to-MCP proxy that converts any MCP server into an OpenAPI-compatible endpoint. It sits between stdio-based MCP servers (or remote SSE/Streamable HTTP variants) and HTTP clients, translating MCP protocol into standard RESTful calls. Each tool is automatically exposed with interactive OpenAPI documentation, removing the friction of stdio's inherent limitations: no built-in auth, no standard error handling, and incompatibility with OpenAPI-expecting frameworks.
Who it's for
Backend engineers integrating MCP tools into HTTP systems, Open WebUI administrators exposing MCP capabilities to their platform, and teams building LLM agent frameworks that expect OpenAPI-compatible tool interfaces. Anyone needing to bridge MCP's stdio world with HTTP-first tooling without custom glue code.
Common use cases
- Expose a local MCP server (e.g.,
mcp-server-time) as an OpenAPI HTTP endpoint for direct consumption by HTTP clients. - Integrate multiple MCP servers into Open WebUI via a single proxy using mcpo's config file support.
- Serve MCP tools behind a reverse proxy by configuring
--root-pathfor subpath routing. - Gate MCP access with API key authentication without modifying the underlying MCP server.
- Connect remote MCP servers over SSE or Streamable HTTP without changing their implementation.
Setup pitfalls
- API key is required: The
--api-keyflag is mandatory; requests without a valid key are rejected. Omitting it results in an open, unauthenticated endpoint. - MCP server must be running: The underlying MCP command or HTTP endpoint must be live before mcpo starts; a stale or invalid endpoint causes startup failure.
- Port conflicts: Multiple mcpo instances require separate
--portvalues. Default is 8000; verify no other service is bound. - OAuth requires persistent storage: If using OAuth, the token storage directory must be writable and survive container/process restarts when using
--storage-type file. - Network exposure: mcpo opens a plaintext HTTP endpoint. In production, always run behind a TLS-terminating reverse proxy and restrict network access via firewall.